-
Notifications
You must be signed in to change notification settings - Fork 0
/
mistake.txt
61 lines (48 loc) · 1.6 KB
/
mistake.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
#include <stdio.h>
#include <fcntl.h>
#define PW_LEN 10
#define XORKEY 1
void xor(char* s, int len){
int i;
for(i=0; i<len; i++){
s[i] ^= XORKEY;
}
}
int main(int argc, char* argv[]){
int fd;
if(fd=open("/home/mistake/password",O_RDONLY,0400) < 0){
printf("can't open password %d\n", fd);
return 0;
}
printf("do not bruteforce...\n");
sleep(time(0)%20);
char pw_buf[PW_LEN+1];
int len;
if(!(len=read(fd,pw_buf,PW_LEN) > 0)){
printf("read error\n");
close(fd);
return 0;
}
char pw_buf2[PW_LEN+1];
printf("input password : ");
scanf("%10s", pw_buf2);
// xor your input
xor(pw_buf2, 10);
if(!strncmp(pw_buf, pw_buf2, PW_LEN)){
printf("Password OK\n");
system("/bin/cat flag\n");
}
else{
printf("Wrong Password\n");
}
close(fd);
return 0;
}
The row if(fd=open("/home/mistake/password",O_RDONLY,0400) < 0) execute the check <0 and then the assigment to the file descriptor, in this way fd stays on the stdin before printing "do not bruteforce...", so don't take the password and just calc the xor.
La riga if(fd=open("/home/mistake/password",O_RDONLY,0400) < 0) esegue prima il controllo <0 e poi l'assegnamento a fd, quindi fd rimane su standard input prima di stampare "do not bruteforce..." A questo punto non prende la password e basta fare il calcolo dello xor.
-----------------------------------------------------------------
| input: | 0000000000 |
| | 1111111111 |
|--------|------------------------------------------------------|
| flag: | Mommy, the operator priority always confuses me :( |
-----------------------------------------------------------------